SecurityTracker.com

Category:   Device (Embedded Server/Appliance)  >   Siemens SIMATIC Controller
Vendors:   Siemens
Siemens SIMATIC S7-1200 CPU Web Interface Lets Remote Users Redirect Users to Arbitrary Web Sites
SecurityTracker Alert ID:  1031607
SecurityTracker URL:  http://securitytracker.com/id/1031607
CVE Reference:   CVE-2015-1048
Date:  Jan 22 2015
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): S7-1200 prior to 4.1
Description:   A vulnerability was reported in Siemens SIMATIC S7-1200. A remote user can redirect the target user to arbitrary web sites.

A remote user can create a specially crafted URL that appears trusted but that, when loaded by the target user, will redirect the target user's browser to an arbitrary (untrusted) web site.

Ralf Spenneberg, Hendrik Schwartke and Maik Bruggemann from OpenSource Training reported this vulnerability.

Impact:   A remote user can redirect the target user to arbitrary web sites.
Solution:   The vendor has issued a fix (S7-1200 4.1).

The vendor's advisory is available at:

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf

Vendor URL:  www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf
Cause:   Access control error, Input validation error

Message History:   None.

Copyright 2020, SecurityGlobal.net LLC